Commit Graph

5909 Commits

Author SHA1 Message Date
sternenseemann
3fb2993cb3 maintainers: rename lukasepple according to github account name 2016-10-09 22:04:22 +02:00
Aneesh Agrawal
f0602d2d36 kernel: Make SECURITY_YAMA optional
It's highly recommended, but not required to run NixOS.
2016-10-08 17:46:33 +02:00
Aneesh Agrawal
a000ed181c linux config: enable the Yama LSM (#14392)
The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level processes and
snooping on the memory and runtime state of other processes owned
by the same user.
2016-10-08 16:40:12 +02:00
Tim Steinbach
a699eb4798 linux: 4.4.23 -> 4.4.24 (#19346) 2016-10-08 07:02:07 +02:00
Tim Steinbach
9481edec56 linux: 4.7.6 -> 4.7.7 (#19345) 2016-10-08 07:01:51 +02:00
Tim Steinbach
07e67b33af linux: 4.8.0 -> 4.8.1 (#19344) 2016-10-08 07:01:27 +02:00
Marco Maggesi
435673b948 Revert "Revert "linux*: remove 3.14, as it's no longer maintained""
In the end, it is too dangerous to have an unmaintained kernel in
nixpkgs.  Revert the revert.

This reverts commit e921725176.
2016-10-07 23:26:32 +02:00
Marco Maggesi
e921725176 Revert "linux*: remove 3.14, as it's no longer maintained"
This is the simplest way to reenable the use of BLCR
(which at present requires linux version >3.12 <3.18)
until we find a better solution.

This reverts commit 6a9e765e27.
2016-10-07 14:31:24 +02:00
Jude Taylor
3dee596ed1 reinstate libiconv/libcharset wrapper 2016-10-06 11:56:32 -07:00
Thomas Tuegel
2e255a2edd
Merge branch 'staging' 2016-10-06 09:51:02 -05:00
Eelco Dolstra
a8b61b0aad Merge pull request #19278 from anderspapitto/local
perf: add dependency on libaudit
2016-10-06 11:45:54 +02:00
Anders Papitto
aa44330963 perf: add dependency on libaudit
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
2016-10-05 17:59:44 -07:00
Jörg Thalheim
638d4b4d71 Merge pull request #19265 from Mic92/rtkit
rtkit: apply security relevant patch
2016-10-06 00:07:35 +02:00
Eelco Dolstra
f084274eeb Merge pull request #19251 from groxxda/patch-2
kernel: Disable RT_GROUP_SCHED
2016-10-05 20:05:18 +02:00
Vladimír Čunát
30f551d8b2 Merge branch 'master' into staging 2016-10-05 19:02:48 +02:00
Jörg Thalheim
c684eb756a
rtkit: *security* Pass uid of caller to polkit
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
2016-10-05 18:11:02 +02:00
Alexander Ried
96fbdf8594 kernel: Disable RT_GROUP_SCHED
Follow systemd recommendation
fd74fa791f/README (L96-L103)
2016-10-05 12:52:45 +02:00
Alexander Ried
4e91e8cb3d rtkit: add patch from debian to remove ControlGroup stanza
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
2016-10-05 11:23:11 +02:00
Thomas Tuegel
d067b7bd35
Merge branch 'kde-5' into staging 2016-10-04 21:50:17 -05:00
Shea Levy
e54313d183 Revert "Revert "Linux 4.8""
Now featuring @aszlig's modinst_arg_list_too_long patch.

This reverts commit 43bedb970d.

Fixes #19213
2016-10-04 10:10:36 -04:00
Shea Levy
43bedb970d Revert "Linux 4.8"
This reverts commit e4958d54b1.
2016-10-03 22:04:43 -04:00
Vladimír Čunát
1525568c74 util-linux: fixup patch hash from grandparent merge
And name the file, too.
2016-10-03 23:06:51 +02:00
Jörg Thalheim
45f64a37c9 Merge pull request #19175 from Mic92/util-linux
util-linux: workaround CVE-2016-2779
2016-10-03 22:53:21 +02:00
Jörg Thalheim
888f6a1280 Merge pull request #19199 from wizeman/u/fix-help2man-hash
help2man: fix hash
2016-10-03 19:26:44 +02:00
Franz Pletz
beca8946ee
jool: 3.4.5 -> 3.5.0 2016-10-03 18:25:28 +02:00
Shea Levy
e4958d54b1 Linux 4.8 2016-10-03 08:45:45 -04:00
Eric Sagnes
58d44a376e wireguard: 2016-08-08 -> 2016-10-01 2016-10-03 17:06:11 +09:00
Jörg Thalheim
ba00ba65eb
util-linux: workaround CVE-2016-2779
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
2016-10-03 08:49:56 +02:00
Joachim Fasting
9a9237e0aa
grsecurity: revamp nixos kernel config
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
  constraints (some are left in for documentation purposes)

Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
  The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
  Possibly useless with redistribution
2016-10-02 19:25:58 +02:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Tuomas Tynkkynen
19225bf5cc Merge remote-tracking branch 'upstream/master' into staging 2016-10-02 10:36:47 +03:00
Tuomas Tynkkynen
f5dd3a703d treewide: Fix more lib.optional misuses 2016-10-02 00:44:10 +03:00
Aneesh Agrawal
fcee1d0b28
Remove redundant -DCMAKE_BUILD_TYPE=Release flags
Since commit 183d05a0 in 2012, this is the default.

fixes #18000
2016-10-01 16:13:41 +02:00
Joachim Fasting
2ec9a1a955
grsecurity: 4.7.5-201609261522 -> 4.7.6-201609301918 2016-10-01 08:47:30 +02:00
Joachim Fasting
22108b7a10
linux_4_7: 4.7.5 -> 4.7.6 2016-10-01 08:46:31 +02:00
Eelco Dolstra
613a12a8bd linux: 4.4.22 -> 4.4.23 2016-09-30 14:41:19 +02:00
Eelco Dolstra
8b09ba32d3 systemd: Apply various upstream bug fixes
This includes the fix for the assertion failure in
https://github.com/systemd/systemd/issues/4234.
2016-09-30 11:23:51 +02:00
rnhmjoj
7cf7572734
btfs: 2.11 -> 2.12 2016-09-30 01:23:16 +02:00
Eelco Dolstra
fe9e5f9f55 pam_usb: Fix evaluation 2016-09-29 20:35:40 +02:00
Eelco Dolstra
518340624d Merge remote-tracking branch 'origin/master' into staging 2016-09-29 13:06:14 +02:00
Eelco Dolstra
c5ddb7dd56 Move useSetUID to pam_usb, the only place where it's used 2016-09-29 13:05:28 +02:00
Yochai
ca9c21b0ab rtl8812au: 4.2.2-1 -> 4.3.20 2016-09-29 09:29:22 +03:00
Graham Christensen
ff5cf3abff linux-3.10: fix build by upstream patch 2016-09-28 19:18:34 +02:00
Vladimír Čunát
77604964b6 Merge branch 'master' into staging 2016-09-28 17:13:59 +02:00
Vladimír Čunát
3e1afeaa5b libsepol: temporary fixup after flex security update
/cc #18909.
2016-09-28 11:12:05 +02:00
Alexander Ried
d666196a44
iproute2: fix bash completion
apparently bash expects only files in its completion folder and not
subfolders.
2016-09-27 18:20:07 +02:00
Joachim Fasting
98a9d815e0
grsecurity: 4.7.4-201609211951 -> 4.7.5-201609261522 2016-09-27 01:43:50 +02:00
zimbatm
0e91a0bbe7 Merge pull request #18943 from Mic92/busybox
busybox: 1.23.2 -> 1.24.2
2016-09-26 12:23:22 +01:00
Frederik Rietdijk
3ba16c8234 Do not use top-level buildPythonPackage or buildPythonApplication
but instead use the one in pythonPackages.
2016-09-26 11:10:51 +02:00
Joachim Fasting
e1395365ea
spl: fix eval
xref: 30ae939142
2016-09-25 16:16:33 +02:00
Alexander Ried
7615d6385a iproute2: 4.5.0 -> 4.7.0 (#18435)
iproute now packages a bash-completion file which it installs to
$BASH_COMPDIR.

* fanpatch: adjust for new version

- The patch did not apply because the code around the additions changed.
- The patch uses functions that got changed [1] & [2], I adjusted the
  patch to use the safe version. Probably not needed but better safe
  than sorry.
[1] format_host: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=a418e451643e77fe36861e53359587ba8aa41873
[2] rt_addr_n2a: http://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=7faf1588a755edb9c9cabbe1d3211265e9826d28
2016-09-25 15:07:03 +02:00
Franz Pletz
30ae939142
linuxPackages.spl: don't mark as broken on kernel >= 4.7
Compatibility added in c8c688b0c9.
2016-09-25 14:55:45 +02:00
Franz Pletz
6e063a49b1
linuxPackages.jool: 3.4.4 -> 3.4.5 2016-09-25 14:20:46 +02:00
Franz Pletz
c8c688b0c9
linuxPackages.zfs: 0.6.5.7 -> 0.6.5.8
Adds compatibility for 4.7 & 4.8 Linux kernels.
2016-09-25 14:20:46 +02:00
Franz Pletz
3a4a425728
linux: 4.7.4 -> 4.7.5 2016-09-25 14:20:46 +02:00
Franz Pletz
c83f8a536a
linux: 4.4.20 -> 4.4.22 2016-09-25 14:20:46 +02:00
Franz Pletz
fdf239fb83
linux: 4.1.31 -> 4.1.33 2016-09-25 14:20:45 +02:00
Franz Pletz
17402fc4a3
linux: 3.18.40 -> 3.18.42 2016-09-25 14:20:45 +02:00
Franz Pletz
31ff655e46
kernelPatches: remove unneeded patches 2016-09-25 14:20:45 +02:00
Franz Pletz
01f465c82b
linux: 3.12.62 -> 3.12.63 2016-09-25 14:20:45 +02:00
Franz Pletz
b1029abe56
linux: 3.10.102 -> 3.10.103 2016-09-25 14:20:45 +02:00
Franz Pletz
e8cd27dd8a
linux_4_6: remove, not maintained anymore 2016-09-25 14:20:39 +02:00
Jörg Thalheim
74876b0cad
busybox: 1.23.2 -> 1.24.2
fixes https://lwn.net/Vulnerabilities/696815/
2016-09-25 13:21:29 +02:00
Nikolay Amiantov
ea4d517eb8 Merge pull request #18661 from NeQuissimus/kernel/zbud
kernel-common: Add ZBUD
2016-09-25 12:33:08 +04:00
Vladimír Čunát
fffc7638cd Merge branch 'master' into staging 2016-09-24 18:54:31 +02:00
Joachim Fasting
64816cd972
grsecurity: 4.7.4-201609152234 -> 201609211951 2016-09-22 23:40:50 +02:00
Joachim F
fc4751eccc Merge pull request #18751 from TvoroG/rtlwifi
rtlwifi_new: init at 2016-09-12
2016-09-22 22:50:46 +02:00
Luca Bruno
cf6815275a Merge pull request #18814 from tavyc/nvme-cli
nvme-cli: init at 0.9
2016-09-22 21:47:57 +01:00
Octavian Cerna
b26dff4ea5 nvme-cli: init at 0.9 2016-09-21 21:45:38 +03:00
Domen Kožar
d199d5041a ena: mark as broken on chromiumos
(cherry picked from commit bc06f19efb9a13a2b3fafbdc2ce35427e64c9402)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-21 12:04:17 +02:00
Eelco Dolstra
7a4209c356 Merge remote-tracking branch 'origin/master' into staging 2016-09-20 17:46:09 +02:00
Marsel
52dd323047 rtlwifi_new: init at 2016-09-12 2016-09-20 16:18:24 +03:00
Kirill Boltaev
d2bbc631ff pktgen: disable parallel building 2016-09-19 05:28:43 +03:00
Joachim Fasting
e2659de1b2
kernelPatches: remove legacy grsecurity attrs 2016-09-18 15:26:57 +02:00
Charles Strahan
d5e24d3f80
fanctl: 0.9.0 -> 0.12.0 2016-09-17 22:37:39 -04:00
Vladimír Čunát
6a9e765e27 linux*: remove 3.14, as it's no longer maintained 2016-09-17 02:10:53 +02:00
Vladimír Čunát
12a45a8496 Merge #18237: ati_drivers_x11: patch for kernel 4.6 2016-09-17 01:29:27 +02:00
Vladimír Čunát
7a0b3c64ee Merge #18327: gcc darwin fixes 2016-09-17 00:32:03 +02:00
Vladimír Čunát
52e1a198cf Merge branch 'master' into staging 2016-09-17 00:31:34 +02:00
rushmorem
7be7620e51 fuse: 2.9.5 -> 2.9.7 2016-09-16 22:28:14 +02:00
Tuomas Tynkkynen
f5c9c4f18a Merge pull request #18659 from layus/fix-mptcp
linux_mptcp: fix config options broken by b4a4a63cc4
2016-09-16 21:06:54 +03:00
aszlig
a0b643ed06
linux-testing: 4.8-rc4 -> 4.8-rc6
Built successfully on my machine, no runtime tests performed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
2016-09-16 17:57:32 +02:00
Tim Steinbach
77e1be36b9
kernel-common: Add ZBUD, move ZSMALLOC into module space 2016-09-16 15:31:51 +00:00
Guillaume Maudoux
f0e519d26a linux_mptcp: fix config options broken by b4a4a63cc4 2016-09-16 13:15:50 +02:00
Joachim Fasting
d082a7c0fd
grsecurity: 4.7.3-201609072139 -> 4.7.4-201609152234 2016-09-16 11:18:42 +02:00
Joachim Fasting
2050f12f4e
linux_4_7: 4.7.3 -> 4.7.4 2016-09-16 11:18:42 +02:00
Domen Kožar
77a67189ef lttng-modules: broken on chromiumos
(cherry picked from commit 3f4d94a4c2d422836c07ed1206b454cd7b681f01)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-16 11:12:29 +02:00
Matthew Bauer
8610a34474
gcc: use special native system headers for darwin
Darwin systems need to be able to find CoreFoundation headers as well as
libc headers. Somehow, gcc doesn't accept any "framework" parameters
that would normally be used to include CoreFoundation in this
situation.

HACK: Instead, this adds a derivation that combines the two. The result
works but probably not a good long term solution.

ALTERNATIVES: Maybe sending patches in to GCC to allow
"native-system-framework" configure flag to get this found.
2016-09-15 17:58:09 -05:00
aszlig
1781e95577
Merge pull request #18567 (VirtualBox 5.1.6)
This introduces VirtualBox version 5.1.6 along with a few refactored
stuff, notably:

  * Kernel modules and user space applications are now separate
    derivations.
  * If config.pulseaudio doesn't exist in nixpkgs config, the default is
    now to build with PulseAudio modules.
  * A new updater to keep VirtualBox up to date.

All subtests in nixos/tests/virtualbox.nix succeed on my machine and
VirtualBox was reported to be working by @DamienCassou (although with
unrelated audio problems for another fix/branch) and @calbrecht.
2016-09-14 02:20:16 +02:00
Daiderd Jordan
28a0da5edc
darwin.libunwind: fix incorrect sha256 2016-09-14 00:42:07 +02:00
Kirill Boltaev
0f37287df5 treewide: explicitly specify gtk version 2016-09-13 21:09:24 +03:00
Tuomas Tynkkynen
0c0188c5d2 kernel config: Explicitly enable some NLS-related things
Doesn't affect x86, but ARM can't mount VFAT filesystems without this on
a 3.18 kernel.
2016-09-13 17:06:13 +03:00
Tuomas Tynkkynen
b4a4a63cc4 kernel generate-config.pl: Properly support string options
Or we get something like:

option not set correctly: NLS_DEFAULT (wanted 'utf8', got '"utf8"')
2016-09-13 17:06:13 +03:00
Tuomas Tynkkynen
246bd302ec kernel generate-config.pl: Be more verbose on errors 2016-09-13 17:06:13 +03:00
Nikolay Amiantov
4748709926 Merge commit 'refs/pull/18498/head' of git://github.com/NixOS/nixpkgs 2016-09-13 12:51:34 +03:00
Franz Pletz
05357f098c Merge pull request #18486 from aske/mba6x_bl
linuxPackages.mba6x_bl: 2016-02-12 -> 2016-04-22
2016-09-13 07:28:59 +02:00
aszlig
8bd89c922d
virtualbox: Split kernel modules into own package
Putting the kernel modules into the same output path as the main
VirtualBox derivation causes all of VirtualBox to be rebuilt on every
single kernel update.

The build process of VirtualBox already outputs the kernel module source
along with the generated files for the configuration of the main
VirtualBox package. We put this into a different output called "modsrc"
which we re-use from linuxPackages.virtualbox, which is now only
containing the resulting kernel modules without the main user space
implementation.

This not only has the advantage of decluttering the Nix expression for
the user space portions but also gets rid of the need to nuke references
and the need to patch out "depmod -a".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:12:38 +02:00
Nikolay Amiantov
9b26cb92e3 Merge branch 'displaylink'
Close #18041
2016-09-13 01:59:47 +03:00
Nikolay Amiantov
fbf6a97b04 linuxPackages.displaylink: init at 1.1.62 2016-09-13 00:30:35 +03:00
Kirill Boltaev
bccd75094f treewide: explicitly specify gtk and related package versions 2016-09-12 18:26:06 +03:00
Dan Peebles
e6ea302c47 apple-source-releases: upgrade a bunch of stuff 2016-09-12 08:53:46 -04:00
Michael Raskin
11bc6ea4ae firejail: 0.9.42-rc1 -> 0.9.42 2016-09-12 13:01:34 +02:00
Dan Peebles
31e79c5478 stdenv-darwin: upgrade a couple more constituents 2016-09-12 03:40:53 -04:00
Dan Peebles
7b9d3f8605 stdenv-darwin: upgrade a few more things
It's a long build and generally painful to split into smaller commits,
so I apologize for lumping many changes into one commit but this is far
easier.

There are still several outdated parts of the darwin stdenv but these
changes should bring us closer to the goal.

Fixes #18461
2016-09-12 01:46:44 -04:00
Tuomas Tynkkynen
2b0eace6cf Merge remote-tracking branch 'upstream/staging' into master 2016-09-11 11:41:18 +03:00
aske
0628215f9e linuxPackages.mba6x_bl: 2016-02-12 -> 2016-04-22 2016-09-10 20:27:49 +03:00
Tuomas Tynkkynen
35ec0e72e3 util-linux: Split 'dev' 2016-09-10 19:05:05 +03:00
Joachim Fasting
91674b75d3
grsecurity: 4.7.2-201608312326 -> 4.7.3-201609072139 2016-09-10 17:06:42 +02:00
Ruslan Babayev
7b51c79ccd pktgen: 3.0.04 -> 3.0.13 (#18477) 2016-09-10 12:06:13 +02:00
Vladimír Čunát
07facfc49f broadcom-sta: don't (claim to) maintain anymore
I haven't used the driver for years.
2016-09-10 10:57:48 +02:00
Franz Pletz
c513e2ab39
multipath-tools: 0.5.0 -> 0.6.2, fixes build
Was broken due to 78178d5854.
2016-09-09 23:14:16 +02:00
Tuomas Tynkkynen
fcec24334e Merge remote-tracking branch 'upstream/staging' into master 2016-09-09 11:41:31 +03:00
Joachim Fasting
099584a27c
busybox: fix static build
The static build fails with undefined references to __memcpy_chk when
the fortify hardening is enabled.
2016-09-09 04:46:00 +02:00
Tuomas Tynkkynen
290db94f04 Merge remote-tracking branch 'upstream/master' into staging 2016-09-09 02:40:47 +03:00
Jörg Thalheim
e2991cc70b bcc: install documentation not as an executable
in bcc/tools documentation was wrapped as an executable
2016-09-08 20:39:24 +02:00
Jörg Thalheim
c58f6e62de bcc: git-2016-05-18 -> git-2016-08-30 2016-09-08 20:39:24 +02:00
Eelco Dolstra
bc7e4e390a linux: 4.4.19 -> 4.4.20 2016-09-08 13:58:05 +02:00
Tim Steinbach
4829cd7f65
kernel: 4.7.2 -> 4.7.3 2016-09-08 01:51:28 +00:00
Bjørn Forsman
2bf421d197 mcelog: add utillinux as dependency
Fixes this:

  $ sudo mcelog
  ...
  unknown-error-trigger: line 21: logger: command not found
  unknown-error-trigger: line 22: logger: command not found
2016-09-06 20:30:47 +02:00
Franz Pletz
9a2065ff2a
batman-adv: 2016.2 -> 2016.3 2016-09-06 03:59:43 +02:00
Eelco Dolstra
78178d5854 systemd: Separate lib output
This moves libsystemd.so and libudev.so into systemd.lib, and gets rid
of libudev (which just contained a copy of libudev.so and the udev
headers). It thus reduces the closure size of all packages that
(indirectly) depend on libsystemd, of which there are quite a few (for
instance, PulseAudio and dbus). For example, it reduces the closure of
Blender from 430.8 to 400.8 MiB.
2016-09-05 19:17:14 +02:00
Eelco Dolstra
e8315cb1ca shadow: Separate man output
This removes ~2 MiB from the minimal config.
2016-09-05 14:53:27 +02:00
Eelco Dolstra
ff7368e944 audit: Move z/OS plugin to a separate output
This prevents the NixOS base system from pulling in openldap,
cyris-sasl, and libkrb5.
2016-09-05 14:53:27 +02:00
Eelco Dolstra
8295089e6a utillinuxMinimal: Make more minimal
This removes locales, bash completion and crap like that. This cuts
6.5 MiB from the NixOS system closure (which unfortunately contains
two copies of util-linux, because of the need to break a dependency
cycle with systemd).
2016-09-05 13:45:59 +02:00
Matt McHenry
7bc91ffe41 patch ati-drivers for kernel 4.6
this uses the patch from
https://github.com/manjaro/packages-extra/commit/ddae91f2 to account
for https://github.com/torvalds/linux/commit/d4edcf0d and the patch
from https://www.virtualbox.org/ticket/15298 to account for
https://github.com/torvalds/linux/commit/09cbfeaf
2016-09-03 21:29:52 -04:00
Joachim Fasting
65786ba322
odp-dpdk: 10.10.1.0 -> 2016-08-16
Fixes build against dpdk 16.06

Tested build against linux, linux_latest, linux_3_18, linux_4_1,
linux_4_6, linux_grsec_nixos, linux_chromiumos_3_18.

While this is pre-release, the delta since 10.10.1.0 seems to contain
primarily fixes or internal improvements.

Also cleanup build inputs while we're at it.
2016-09-03 21:20:52 +02:00
Joachim F
f8b447a6e4 dpdk: 16.04 -> 16.07, fix build against linux 4.7 (#18256)
Tested build against linux_latest and linux_grsec_nixos.
2016-09-03 17:40:27 +02:00
Joachim Fasting
ca465eeeb1
wireguard: disable build against -grsec kernels
Looks to be incompatible with the PaX constification plugin:

> /tmp/nix-build-wireguard-unstable-2016-08-08.drv-0/WireGuard-experimental-0.0.20160808/src/device.c:329:29: error: constified variable 'link_ops' placed into writable section ".data..read_mostly"
 static struct rtnl_link_ops link_ops __read_mostly = {

https://hydra.nixos.org/build/39671573/log/raw

See also https://github.com/NixOS/nixpkgs/issues/18209
2016-09-03 14:50:07 +02:00
Vladimír Čunát
4745341c69 spl: fix evaluation after the parent commit
This doesn't fully fix the tarball job.
2016-09-03 14:34:55 +02:00
Rok Garbas
3698f321ef
spl: mark it broken on kernels higher then 4.7
until new spl version is release
2016-09-03 14:07:49 +02:00
Franz Pletz
a1c24ab976
systemd: apply patch to fix #18158
See:
 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834367
 - https://github.com/systemd/systemd/issues/3842
2016-09-02 23:39:19 +02:00
Shea Levy
ce0043bf4c phc-intel: 0.4.0rev19 -> 0.4.0rev22
Fixes build on linux 4.7
2016-09-02 07:41:42 -04:00
Tuomas Tynkkynen
3364230d56 Disable bunch of non-compiling packages on Darwin
These ones have a "Last successful build" timestamp in the 2014s or
2015s. Presumably no one will notice if we now stop building them.

softether_4_18              2015-09-20  http://hydra.nixos.org/build/39418483
lensfun                     2014-09-30  http://hydra.nixos.org/build/39394104
net_snmp                    2015-09-20  http://hydra.nixos.org/build/39410553
djview                      2015-08-11  http://hydra.nixos.org/build/39413233
libmusicbrainz2             2015-09-20  http://hydra.nixos.org/build/39410106
fox_1_6                     2014-05-07  http://hydra.nixos.org/build/39410858
libofx                      2015-09-24  http://hydra.nixos.org/build/39423507
yacas                       2014-09-30  http://hydra.nixos.org/build/39393150
iomelt                      2014-09-30  http://hydra.nixos.org/build/39408486
softether                   2015-09-20  http://hydra.nixos.org/build/39425800
mp4v2                       2014-09-30  http://hydra.nixos.org/build/39421899
virtuoso7                   2014-09-21  http://hydra.nixos.org/build/39415206
man_db                      2015-04-23  http://hydra.nixos.org/build/39404236
libdiscid                   2014-09-30  http://hydra.nixos.org/build/39412202
zabbix22.agent              2014-09-21  http://hydra.nixos.org/build/39412149
vidalia                     2015-08-06  http://hydra.nixos.org/build/39411500
libmtp                      2015-09-20  http://hydra.nixos.org/build/39419199
wxGTK29                     2015-09-20  http://hydra.nixos.org/build/39415296
ncmpcpp                     2015-11-06  http://hydra.nixos.org/build/39404455
libtorrent                  2014-09-21  http://hydra.nixos.org/build/39394646
shishi                      2014-03-21  http://hydra.nixos.org/build/39418874
ocaml_3_12_1                2014-09-30  http://hydra.nixos.org/build/39392996
djview4                     2015-08-11  http://hydra.nixos.org/build/39427799
vimNox                      2014-05-23  http://hydra.nixos.org/build/39397012
ttfautohint                 2015-08-06  http://hydra.nixos.org/build/39398330
libraw                      2015-09-24  http://hydra.nixos.org/build/39402271
wxGTK30                     2015-09-20  http://hydra.nixos.org/build/39401871
sbcl_1_2_5                  2015-09-20  http://hydra.nixos.org/build/39426091
prover9                     2014-09-30  http://hydra.nixos.org/build/39406476
rcs                         2015-08-25  http://hydra.nixos.org/build/39392037
gpac                        2015-09-24  http://hydra.nixos.org/build/39399470
virtuoso6                   2014-09-30  http://hydra.nixos.org/build/39398651
xlslib                      2015-09-24  http://hydra.nixos.org/build/39410387
ucommon                     2015-03-27  http://hydra.nixos.org/build/39414040
commoncpp2                  2014-09-30  http://hydra.nixos.org/build/39420117
virtuoso                    2014-09-21  http://hydra.nixos.org/build/39399978
miniHttpd                   2014-09-30  http://hydra.nixos.org/build/39392925
mpack                       2014-09-26  http://hydra.nixos.org/build/39399535
nbd                         2014-09-26  http://hydra.nixos.org/build/39401367
newsbeuter-dev              2014-07-29  http://hydra.nixos.org/build/39406259
gimp_2_8                    2015-09-20  http://hydra.nixos.org/build/39436271
gimp                        2015-09-20  http://hydra.nixos.org/build/39435976
zabbix20.agent              2014-09-30  http://hydra.nixos.org/build/39393242
gst_all_1.gst-plugins-good  2015-09-20  http://hydra.nixos.org/build/39408506
ocaml_4_00_1                2014-09-30  http://hydra.nixos.org/build/39399526
inadyn                      2014-09-30  http://hydra.nixos.org/build/39426389
gst_all_1.gst-plugins-bad   2015-09-20  http://hydra.nixos.org/build/39392970
zabbix.agent                2014-09-30  http://hydra.nixos.org/build/39421412
cmake-2_8                   2015-09-24  http://hydra.nixos.org/build/39399443
liblastfm                   2015-08-06  http://hydra.nixos.org/build/39421812
newsbeuter                  2014-07-29  http://hydra.nixos.org/build/39396605
sdcv                        2014-09-26  http://hydra.nixos.org/build/39412928
2016-09-01 20:39:33 +03:00
Eelco Dolstra
e05c4c6541 libapparmor: Move python stuff to a separate output
This prevents systemd and by extension a zillion other packages from
having Python 2.7 in their closure. For example, the closure of
systemd dropped from 133 MiB to 85 MiB.
2016-09-01 18:57:43 +02:00
Joachim Fasting
0ce7b31b09
grsecurity: 4.7.2-201608211829 -> 201608312326 2016-09-01 14:51:33 +02:00
Joachim F
8c90b7db89 Merge pull request #18073 from joachifm/rtl8723bs
rtl8723bs: 6918e9b2ff29 -> 2016-04-11, fix build against 4.7
2016-09-01 14:48:51 +02:00
Tuomas Tynkkynen
8c4aeb1780 Merge staging into master
Brings in:
    - changed output order for multiple outputs:
      https://github.com/NixOS/nixpkgs/pull/14766
    - audit disabled by default
      https://github.com/NixOS/nixpkgs/pull/17916

 Conflicts:
	pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Franz Pletz
003ab1d9fd
nftables: 0.5 -> 0.6 2016-09-01 12:25:14 +02:00
Tuomas Tynkkynen
20ab753e35 libaudit: Split into multiple outputs 2016-08-31 23:15:28 +03:00
Graham Christensen
24f7946489 Merge pull request #18154 from womfoo/fix/mbpfan-buffer-overflow
mbpfan: include buffer overflow patch
2016-08-31 08:16:57 -04:00
Kranium Gikos Mendoza
bbafdefd86 mbpfan: include buffer overflow patch 2016-08-31 19:25:28 +08:00
Philip Potter
66726acfae sysklogd: fix compile error (#18133)
sysklogd was failing to build because it didn't know the size of the
`union wait` type.

Running `git bisect` showed 9744c7768d,
which bumped glibc from 2.23 to 2.24, as the likely suspect.  This is
corroborated by evidence such as this email:
https://lists.debian.org/debian-glibc/2016/08/msg00069.html

Linux from scratch recommends changing `union wait` to `int`:
http://www.linuxfromscratch.org/lfs/view/development/chapter06/sysklogd.html

Therefore, that's what this commit does.
2016-08-31 00:05:07 +02:00
Nikolay Amiantov
0987f2ff6a Merge pull request #18100 from Mic92/android-udev-rules
android-udev-rules: usage example
2016-08-30 23:09:56 +04:00
Octavian Cerna
938b993091 raspberrypifw: Don't strip ELF files
Stripping breaks raspivid and other executables.
2016-08-30 17:34:16 +03:00
Tuomas Tynkkynen
d3dc3d4130 Merge remote-tracking branch 'dezgeg/shuffle-outputs' into staging
https://github.com/NixOS/nixpkgs/pull/14766
2016-08-30 12:43:37 +03:00
aszlig
f19c961b4e
linux-testing: Fix arg list too long in modinst
With the default kernel and thus with the build I have tested in
74ec94bfa2, we get an error during
modules_install:

make[2]: execvp: /nix/store/.../bin/bash: Argument list too long

I haven't noticed this build until I actually tried booting using this
kernel because make didn't fail here.

The reason this happens within Nix and probably didn't yet surface in
other distros is that programs only have a limited amount of memory
available for storing the environment and the arguments.

Environment variables however are quite common on Nix and thus we
stumble on problems like this way earlier - in this case Linux 4.8 - but
I have noticed this in 4.7-next as well already.

The fix is far from perfect and suffers performance overhead because we
now run grep for every *.mod file instead of passing all *.mod files
into one single invocation of grep.

But comparing the performance overhead (around 1s on my machine) with
the overall build time of the kernel I think the overhead really is
neglicible.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-30 06:55:52 +02:00
Tuomas Tynkkynen
47784e55e1 darwin binutils: Fix binutils-raw output references 2016-08-30 02:57:43 +03:00
Jörg Thalheim
ec20540a1a
android-udev-rules: usage example 2016-08-29 23:40:13 +02:00
aszlig
74ec94bfa2
linux/kernel/testing: 4.8-rc3 -> 4.8-rc4
Tested by only building the linux_testing attribute, but haven't yet
tested it in production.

I've also fixed the extraMeta.branch attribute.

Verified-with-PGP: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
aszlig
42e1ec215e
linux/kernel: Remove MLX4_EN_VXLAN for 4.8
This option is no longer needed and has been removed in upstream commit
torvalds/linux@a831274a13.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
aszlig
0bce188ec1
linux/kernel: Remove KVM_APIC_ARCHITECTURE for 4.8
The option is no longer needed and has been removed upstream in
torvalds/linux@557abc40d1.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-29 20:52:19 +02:00
Robin Gloster
6a04de991c
linuxPackages_3_12.ena: fix build 2016-08-29 16:35:13 +00:00
obadz
0e9d355397 musl: disable stackprotector hardening
Prevents busybox segfault
2016-08-29 13:04:29 +01:00
Tuomas Tynkkynen
0e26cf84fc kernel: Remove propagatedBuildOutputs
Not needed after the shuffle.
2016-08-29 14:49:52 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
obadz
b74793bd1c Merge branch 'master' into staging
Conflicts:
	pkgs/tools/system/facter/default.nix
2016-08-29 12:44:17 +01:00
Joachim Fasting
898edb0fbc lttng-modules: 2.6.3 -> 2.8.0
Full changelog at
https://git.lttng.org/?p=lttng-modules.git;a=blob_plain;f=ChangeLog;hb=4d484e547c486f902a60216dc421cb891b772431

Built against linux and linux_latest

cc @bjornfor
2016-08-29 11:39:44 +02:00
Joachim Fasting
e5c3a52afc
grsecurity: fix features.grsecurity
Previously, features.grsecurity wasn't actually set due to a bug in the
grsec builder. We now rely on the generic kernel builder to set features
from kernelPatches.
2016-08-29 04:09:40 +02:00
Joachim Fasting
b56f7acc78
batman-adv: mark as broken on -grsec
Looks to be incompatible with the PaX constification plugin:

> /tmp/nix-build-batman-adv-2016.2-4.7.2.drv-0/batman-adv-2016.2/net/batman-adv/soft-interface.c:1065:22:
error: constified variable 'batadv_link_ops' placed into writable
section ".data..read_mostly"
 struct rtnl_link_ops batadv_link_ops __read_mostly = {

https://hydra.nixos.org/build/39312033/log/raw
2016-08-29 04:09:40 +02:00
Joachim Fasting
fcf5a24d8c
kernel config: set DEBUG_STACKOVERFLOW regardless of features.grsecurity
features.grsecurity has actually been unset for a long time, with no
ill effect on grsec kernel builds so this conditional looks useless.
2016-08-29 04:08:39 +02:00
Kranium Gikos Mendoza
268cb1a08b forkstat: 0.01.13 -> 0.01.14 (#18076) 2016-08-29 01:38:01 +00:00
Joachim Fasting
e0ee5dc04f
rtl8723bs: 6918e9b2ff29 -> 2016-04-11, fix build against 4.7
Upstream
e71a5fc58c
adds linux 4.7 support; all subsequent commits are error fixes so we
bump to current HEAD for good measure.

Built against linux and linux_latest.

Mark as broken on -grsec, seems incompatible with PaX
constification:
> 76fb2-src/hal/rtl8723b_hal_init.c:2186:26: error: assignment of member
'free_hal_data' in read-only object
  pHalFunc->free_hal_data = &rtl8723b_free_hal_data;

and so on.
2016-08-29 03:31:14 +02:00
Robin Gloster
e17bc25943
Merge remote-tracking branch 'upstream/master' into staging 2016-08-29 00:24:47 +00:00
Tuomas Tynkkynen
c004c6e14d kernel config: Explicitly enable some stuff not enabled by 'make alldefconfig'
List of what to enable taken from https://lwn.net/Articles/672587/.
This doesn't change the resulting x86 configs, but is more useful for
other architectures. For instance, POSIX_MQUEUE is currently missing
on ARM.
2016-08-29 03:07:11 +03:00
obadz
3de6e5be50 Merge branch 'master' into staging
Conflicts:
      pkgs/applications/misc/navit/default.nix
      pkgs/applications/networking/mailreaders/alpine/default.nix
      pkgs/applications/networking/mailreaders/realpine/default.nix
      pkgs/development/compilers/ghc/head.nix
      pkgs/development/libraries/openssl/default.nix
      pkgs/games/liquidwar/default.nix
      pkgs/games/spring/springlobby.nix
      pkgs/os-specific/linux/kernel/perf.nix
      pkgs/servers/sip/freeswitch/default.nix
      pkgs/tools/archivers/cromfs/default.nix
      pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Bjørn Forsman
daa9d5edca perf: unbreak build since glibc 2.24 upgrade
glibc 2.24 deprecated readdir_r, breaking the perf build:

  $ nix-build -A linuxPackages.perf
  ...
    CC       util/event.o
    CC       util/evlist.o
  util/event.c: In function '__event__synthesize_thread':
  util/event.c:448:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
    while (!readdir_r(tasks, &dirent, &next) && next) {
    ^
  In file included from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/features.h:368:0,
                   from /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/stdint.h:25,
                   from /nix/store/jsazxc1b86g2ww569ziwhhvkz8z43vjd-gcc-5.4.0/lib/gcc/x86_64-unknown-linux-gnu/5.4.0/include/stdint.h:9,
                   from /tmp/nix-build-perf-linux-4.4.19.drv-0/linux-4.4.19/tools/include/linux/types.h:6,
                   from util/event.c:1:
  /nix/store/8ic0jwg3p5vcwx52k4781n987hmv0bks-glibc-2.24-dev/include/dirent.h:189:12: note: declared here
   extern int __REDIRECT (readdir_r,
              ^
  util/event.c: In function 'perf_event__synthesize_threads':
  util/event.c:586:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
    while (!readdir_r(proc, &dirent, &next) && next) {

Fix by adding -Wno-error=deprecated-declarations compile flag.
2016-08-27 10:21:57 +02:00
Gabriel Ebner
131cd8f45d Merge pull request #18005 from gebner/kernel-amd-powerplay
kernel: config: enable DRM_AMD_POWERPLAY
2016-08-26 19:04:54 +02:00
Franz Pletz
f75ab31234
sysklogd: fix broken build caused by new glibc version 2016-08-26 15:03:19 +02:00
Franz Pletz
40e0e5fb0b
linux_testing: 4.7-rc7 -> 4.8-rc3 2016-08-26 14:47:45 +02:00
Franz Pletz
aacf6651c1
linux: 4.4.18 -> 4.4.19 2016-08-26 14:47:45 +02:00
Franz Pletz
90251478ec
linux: 4.1.30 -> 4.1.31 2016-08-26 14:47:45 +02:00
Franz Pletz
377c851395
linux: 3.18.36 -> 3.18.40 2016-08-26 14:47:45 +02:00
Franz Pletz
dc37edb36c
linux: 3.14.73 -> 3.14.77 2016-08-26 14:47:45 +02:00
Franz Pletz
458d477215
linux: 3.12.61 -> 3.12.62 2016-08-26 14:47:45 +02:00
Michael Raskin
7e631101b9 lxc: 2.0.3 -> 2.0.4 2016-08-26 13:43:35 +02:00
Gabriel Ebner
7b01df18a2 kernel: config: enable DRM_AMD_POWERPLAY 2016-08-26 08:45:49 +02:00
Shea Levy
2b1fa9da8b Add initial patches for CPU Controller on Control Group v2 2016-08-25 13:01:40 -04:00
Lancelot SIX
7fd44eafa6 Merge pull request #17817 from mbrock/libselinux-fix
libselinux: fix Python binding

Built and tested locally.
2016-08-25 12:43:19 +02:00
Robin Gloster
eddc0a5549
treewide: fix darwin builds by using getOutput
This fixes eval for pkgs referring to optional static output
2016-08-25 08:44:20 +00:00
Franz Pletz
df275f5b85 treewide: fix darwin builds by referring to stdenv's libc 2016-08-25 02:56:25 +02:00
Franz Pletz
29ec1c6b09 audit: 2.4.4 -> 2.6.6 2016-08-25 01:56:36 +02:00
Franz Pletz
f0f95d03ca utillinux: 2.28 -> 2.28.1 2016-08-25 01:55:42 +02:00
Franz Pletz
3ce7b77517 libnl: 3.2.27 -> 3.2.28 2016-08-25 01:55:41 +02:00
Franz Pletz
a30bf645f2 sinit: 0.9.2 -> 1.0, fix glibc static linking 2016-08-24 21:31:02 +02:00
Franz Pletz
d5189fb7ad lxc: 2.0.3 -> 2.0.4, fixes hardened build 2016-08-24 21:31:02 +02:00
Robin Gloster
c26de11551 linuxPackages.perf: fix build with new glibc and remove hack
elfutils now adds a eu- prefix to avoid collisions
2016-08-24 19:19:02 +00:00
Daiderd Jordan
8b8a74d5d6 Merge pull request #17864 from LnL7/darwin-libsecurity
darwin.libsecurity: fix for gnustep makefiles
2016-08-24 19:56:24 +02:00
Robin Gloster
9e47acb89d otpw: disable stackprotector hardening 2016-08-24 17:19:43 +00:00
Shea Levy
8b9b9fad31 Revert "Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs""
Revert a revert of a merge that shouldn't have been in master but was intentionally in staging.

Next time I'll do this right after the revert instead of so far down the line...

This reverts commit 9adad8612b.
2016-08-24 07:35:30 -04:00
obadz
0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Joachim Fasting
cf592a8969
grsecurity: 4.7.1-201608161813 -> 4.7.2-201608211829 2016-08-23 01:49:34 +02:00
obadz
24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
obadz
ba50fd7170 Merge branch 'master' into staging 2016-08-22 01:18:11 +01:00
Tim Steinbach
175028582c
linux: 4.7.1 -> 4.7.2 2016-08-21 13:56:45 +00:00
Daiderd Jordan
a9e913ffbf
darwin.security_tool: fix for gnustep makefiles 2016-08-20 13:43:58 +02:00
Daiderd Jordan
0ec2ba9497
darwin.libsecurity: fix for gnustep makefiles 2016-08-20 13:32:10 +02:00
Mikael Brockman
1f50e2412f libselinux: fix Python binding
Applies unreleased patch from upstream.
2016-08-19 19:06:25 +03:00
Nikolay Amiantov
2abe917f18 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-19 17:57:08 +03:00
Nikolay Amiantov
ff22705793 treewide: replace several /sbin paths by /bin 2016-08-19 17:56:45 +03:00
Nikolay Amiantov
30c9aa2698 kmod: add patch to allow searching for modules in several directories 2016-08-19 17:56:39 +03:00
obadz
1047ed49d9 Merge branch 'master' into staging
Conflicts: pkgs/os-specific/linux/kmod/default.nix cc @abbradar
2016-08-19 15:28:58 +01:00
Tuomas Tynkkynen
bd68309643 kernel config: Enable SECCOMP
This is used by systemd >= 231 and is not enabled in the ARM
multiplatform defconfig.
2016-08-18 16:33:46 +03:00
Joachim Fasting
66a3f0e988
gradm: 3.1-201607172312 -> 3.1-201608131257 2016-08-17 15:19:33 +02:00
Joachim Fasting
ba20363f11
grsecurity: 4.7-201608151842 -> 4.7.1-201608161813 2016-08-17 15:19:27 +02:00
Franz Pletz
2571438988 linux: 4.7 -> 4.7.1 2016-08-17 05:46:00 +02:00
Franz Pletz
7a4407461b linux: 4.6.6 -> 4.6.7
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
da95fb368c linux: 4.4.17 -> 4.4.18
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Franz Pletz
2104d28bcd linux: 4.1.27 -> 4.1.30
Fixes CVE-2016-5696.
2016-08-17 05:45:59 +02:00
Frederik Rietdijk
5a501bd828 Remove top-level dbus_python and pythonDBus.
See #11567.

Furthermore, it renames pythonPackages.dbus to pythonPackages.dbus-
python as that's the name upstream uses.

There is a small rebuild but I couldn't figure out the actual cause.
2016-08-16 22:52:37 +02:00
Domen Kožar
40da4e6ce7 fix eval 2016-08-16 22:30:15 +02:00
Robert Helgesson
f396a0b4d0
hd-idle: init at 1.05 2016-08-16 21:59:14 +02:00
Joachim Fasting
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842 2016-08-16 17:50:37 +02:00
Joachim Fasting
b1cceeda84
grsecurity: enable pax size overflow plugin 2016-08-16 17:50:36 +02:00
Joachim Fasting
3fcb9e6f57
grsecurity: support non-enforcing mode
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.

Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Nikolay Amiantov
081ac25dc6 kmod: 22 -> 23, add /lib/modules to module directories 2016-08-16 02:42:19 +03:00
Shea Levy
9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Shea Levy
57b2d1e9b0 Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs 2016-08-15 19:01:44 -04:00
Nikolay Amiantov
1afd250676 treewide: replace several /sbin paths by /bin 2016-08-16 00:19:25 +03:00
Nikolay Amiantov
131fca0a85 kmod: add patch to allow searching for modules in several directories 2016-08-16 00:19:25 +03:00
Joachim Fasting
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240 2016-08-15 20:36:46 +02:00
Moritz Ulrich
21df40f85f systemd-cryptsetup-generator: Fix bug.
The annoying wrapper script also wraps `systemd-cryptsetup`. We need to
copy the original binary to $out too.
2016-08-15 12:42:44 +02:00
Nikolay Amiantov
5b296a1470 Merge branch 'master' into staging 2016-08-15 10:34:28 +03:00
Franz Pletz
64c79e8526 linux: 4.6.5 -> 4.6.6 2016-08-15 04:28:08 +02:00
Franz Pletz
2a8718fb0b linux_4_5: remove, not support by upstream anymore 2016-08-15 04:28:02 +02:00
Robin Gloster
a37d695c95 linuxPackages.spl: remove unnecessary substituteInPlace
`substituteInPlace` was operating on a non-existant file.
Updated to use `autoreconfHook`.
2016-08-14 22:55:21 +00:00
Dan Peebles
ea34fe82bc swift-corefoundation: some cleanup
I upstreamed some patches so I'm using those now
2016-08-14 18:22:19 -04:00
Dan Peebles
4705a9a6c1 swift-corefoundation: actually remove spurious dependency 2016-08-14 17:42:03 -04:00
Dan Peebles
6cf13bfe66 swift-corefoundation: remove spurious buildInput
libpthread is part of libSystem, so there's no need to depend on it
explicitly
2016-08-14 17:40:05 -04:00
Dan Peebles
1861744e7c swift-corefoundation: init
This currently only produces a static library, but is a start :) soon we
might be able to incorporate it into our stdenv, but we need to get the
build system to produce a proper .framework first.
2016-08-14 17:35:44 -04:00
Dan Peebles
98b5e3a531 darwin.libpthread: fix messed-up header
We don't actually need the private headers and the private qos.h was
overwriting the public one, causing weird issues downstream (especially
with Swift's CoreFoundation)
2016-08-14 17:34:55 -04:00
Michele Guerini Rocco
7522de2f4b btfs: 2.10 -> 2.11 (#17737)
(cherry picked from commit 340a9571f5)
2016-08-14 21:14:20 +00:00
Robin Gloster
a6c5638565 Revert "btfs: 2.10 -> 2.11 (#17737)"
This reverts commit 340a9571f5.
2016-08-14 21:12:21 +00:00
Michele Guerini Rocco
340a9571f5 btfs: 2.10 -> 2.11 (#17737) 2016-08-14 22:48:56 +02:00
Nikolay Amiantov
3e84cbc4ca autofs5: 5.1.1 -> 5.1.2 2016-08-14 22:39:18 +03:00
Nikolay Amiantov
c60deb0266 quote homepages for better clickability
Done while I was traversing packages which I maintain to save extra clicks on
urxvt (it captures semicolon as a part of URL).
2016-08-14 22:37:10 +03:00
Nikolay Amiantov
b30f4e5e4f android-udev-rules: 2016-04-26 -> 20160805 2016-08-14 22:37:10 +03:00
Dan Peebles
948b7f23bb darwin.{xnu, Libc}: 10.9 -> 10.11
I can't submit this in smaller units because the various components all
depend on one another during the stdenv bootstrap, so I think this is
the smallest sensible change I can make.

I also removed the symbol-hiding shenanigans in Libsystem. It might mess
up compatibility with 10.9 but I don't really want to support the added
complexity and I see little evidence of anyone else wanting to support
it. If someone cares, we might be able to revive compatibility, but for
now it'll stay like this.
2016-08-14 12:53:33 -04:00
Eric Sagnes
f0fef4defb wireguard-unstable: 2016-07-22 -> 2016-08-08 (#17727) 2016-08-14 10:47:16 +00:00
Robin Gloster
99cb230b47 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-14 09:09:20 +00:00
Robin Gloster
8071cafe66 linuxPackages.rtl8812au: fix build 2016-08-14 08:59:55 +00:00
Robin Gloster
2676cf9525 linuxPackages.lttng-modules: fix build 2016-08-14 08:59:19 +00:00
Domen Kožar
a7f8787dbd Merge pull request #17705 from womfoo/bump/hwdata-0.291
hwdata: 0.276 -> 0.291
2016-08-13 17:00:08 +02:00
Franz Pletz
bd4490e277 Merge branch 'master' into hardened-stdenv 2016-08-13 16:59:55 +02:00
Franz Pletz
fa3a35b241 linuxPackages.fusionio-vsl: disable pic hardening (still broken) 2016-08-13 16:55:26 +02:00
Franz Pletz
b2c6d28a1d linuxPackages.ndiswrapper: disable pic hardening (still broken) 2016-08-13 16:50:43 +02:00
Franz Pletz
9e7d118ea2 linuxPackages.nvidia-x11: disable pic & format hardening 2016-08-13 16:49:42 +02:00
Franz Pletz
5103e70a37 linuxPackages.nvidiabl: disable pic hardening 2016-08-13 16:44:39 +02:00
Franz Pletz
73a9ce2ce3 linuxPackages.psmouse_alps: remove, driver in kernel since 3.9 2016-08-13 16:42:35 +02:00
Franz Pletz
62e6bc0bd9 linuxPackages.prl-tools: disable pic hardening 2016-08-13 16:40:42 +02:00
Franz Pletz
f55fd87c8a linuxPackages.ixgbevf: disable pic hardening 2016-08-13 16:30:35 +02:00
Franz Pletz
5e085b7fea linuxPackages.e1000e: disable pic hardening 2016-08-13 16:25:29 +02:00
Franz Pletz
d836b811cb linuxPackages.cryptodev: 1.6 -> 1.8, disable pic hardening 2016-08-13 16:24:38 +02:00
Franz Pletz
f5c9f99877 linuxPackages.ati_drivers_x11: disable pic & format hardening 2016-08-13 16:06:57 +02:00
Franz Pletz
a8deb8d647 linuxPackages.frandom: disable pic hardening 2016-08-13 16:03:32 +02:00
Franz Pletz
7d9d2d6872 linuxPackages.broadcom_sta: disable pic hardening 2016-08-13 16:02:02 +02:00
Robin Gloster
0f274be2fd linuxPackages.ena: disable pic 2016-08-13 10:12:07 +00:00
Kranium Gikos Mendoza
1bbcc7e378 hwdata: 0.276 -> 0.291 2016-08-13 10:06:34 +08:00
Luca Bruno
fda17cfd0e Merge pull request #17703 from womfoo/bump/microcode-intel-20160714
microcode-intel: 20150121 -> 20160714
2016-08-12 21:44:34 +01:00
Kranium Gikos Mendoza
050452dd7f microcode-intel: 20150121 -> 20160714 2016-08-13 03:53:03 +08:00
obadz
b2efe2babd Revert "linux kernel 4.4: fix race during build"
Removes patch. Was fixed upstream.

This reverts commit 4788ec1372.
2016-08-12 16:42:25 +01:00
Guillaume Maudoux
b1817fa8a3 linux_mptcp: 0.90.1 (kernel 3.18) -> 0.91 (kernel 4.1) (#17675) 2016-08-12 15:14:24 +02:00
Robin Gloster
b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
obadz
18947c9e36 Revert "ecryptfs: fix kernel bug introduced in 4.4.14"
The Linux 4.4.17 release fixes the underlying issue

This reverts commit fad9a8841b.
2016-08-11 17:15:54 +01:00
Michael Raskin
b893d84d53 firejail: 0.9.40-rc1 -> 0.9.42-rc1 2016-08-11 17:57:35 +02:00
Michael Raskin
8b4eb6fa4d eudev: 3.1.5 -> 3.2 2016-08-11 17:57:35 +02:00
Eelco Dolstra
e26ac7afd4 linux: 4.4.16 -> 4.4.17 2016-08-11 15:20:07 +02:00
obadz
1cd9c58834 Merge pull request #17461 from rasendubi/powerpc
cross-compilation: fixes for powerpc-linux-uclibc
2016-08-11 00:51:51 +01:00
Kranium Gikos Mendoza
33166b7434 wireguard: require Linux >= 4.1 for module build (#17632) 2016-08-11 00:25:57 +02:00
Frederik Rietdijk
111d7a2af4 Merge pull request #17623 from matthewbauer/misc
Misc. hydra fixes
2016-08-10 11:35:44 +02:00
Franz Pletz
bba9728cd6 jool: 3.4.2 -> 3.4.4 2016-08-10 07:12:08 +02:00
Franz Pletz
aec9abc8e1 iputils: 20121221 -> 20151218 2016-08-10 07:12:08 +02:00
Matthew
0540e567a8 uksmtools: delete
Sources are not available from GitHub anymore and it appears to be
unmantained. A request was sent to the AUR mailing list to delete it on
May 26, 2016:

https://lists.archlinux.org/pipermail/aur-requests/2016-May/011706.html
2016-08-09 21:06:27 +00:00
Moritz Ulrich
9626707e2b systemd-cryptsetup-generator: Add note to revert 3efadce. 2016-08-09 19:21:58 +02:00
Moritz Ulrich
3efadce03b systemd-cryptsetup-generator: Fix installPhase. 2016-08-09 19:21:25 +02:00
Tuomas Tynkkynen
9a5427f667 klibc: Broken on i686 2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
088bcf4ec4 kernel config: Fix 3.10, 3.12, 3.14 builds 2016-08-06 17:06:45 +03:00
Tuomas Tynkkynen
44f462bf4d generate-config.pl: Be more verbose about missing options
For instance, the current 3.10 kernel build fails at the end with:

unused option: BRCMFMAC_PCIE
unused option: FW_LOADER_USER_HELPER_FALLBACK
unused option: KEXEC_FILE
unused option: RANDOMIZE_BASE

However, it's not obvious that only the _last_ one is actually fatal to
the build. After this change it's at least somewhat better:

warning: unused option: BRCMFMAC_PCIE
warning: unused option: FW_LOADER_USER_HELPER_FALLBACK
warning: unused option: KEXEC_FILE
error: unused option: RANDOMIZE_BASE
2016-08-06 17:06:45 +03:00
Robin Gloster
bc025e83bd uclibc: disable stackprotector hardening 2016-08-05 18:15:27 +00:00
Michal Rus
7281740c2e
linux: enable DRM_GMA600 and DRM_GMA3600
Adds basic support for Intel GMA3600/3650 (Intel Cedar Trail) platforms
and support for GMA600 (Intel Moorestown/Oaktrail) platforms with LVDS
ports via the gma500_gfx module.

Resolves #14727 Closes #17519
2016-08-05 19:07:40 +02:00
Franz Pletz
2d6b7aa545 linux: enable some useful networking options
All options are enabled by default on Debian and some other
distributions, so these should be safe.
2016-08-05 04:07:31 +02:00
Robin Gloster
1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Frederik Rietdijk
db06460257 Merge pull request #17447 from FRidh/nvidia
nvidia-x11: fix driSupport32Bit
2016-08-03 08:36:24 +02:00
Alexey Shmalko
5ab8e0d2aa
uclibc: claim maintainership 2016-08-03 03:35:54 +03:00
Tuomas Tynkkynen
21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
Tuomas Tynkkynen
2258b21e4b treewide: Add lots of platforms to packages with no meta
Build-tested on x86_64 Linux and on Darwin.
2016-08-02 21:17:44 +03:00
Tuomas Tynkkynen
59ce911810 treewide: Some EOF-whitespace fixes 2016-08-02 21:17:44 +03:00
Franz Pletz
f2a66d4c16 criu: fix merge fail
d020caa5b2 vs. e3d0fe898b
2016-08-02 17:52:51 +02:00
Robin Gloster
1be4907ca2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-02 13:46:36 +00:00
Frederik Rietdijk
8eb4b3af10 nvidia-x11: fix driSupport32Bit 2016-08-02 13:03:44 +02:00
aszlig
fef4b62657
broadcom_sta: Add patch to fix NULL pointer deref
The patch is from the following Gentoo bug:

https://bugs.gentoo.org/show_bug.cgi?id=523326#c24

Built successfully against Linux 3.18.36, 4.4.16 and 4.7.0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
aszlig
8f08399671
broadcom_sta: Reindent file, no code changes
Let's make sure we indent using two spaces, because the unpackPhase was
indented using four spaces.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-08-01 21:05:15 +02:00
aszlig
4d3545f2a5
broadcom_sta: Add patch for supporting Linux 4.7
Patch is from Arch Linux at:

https://aur.archlinux.org/cgit/aur.git/tree/?h=broadcom-wl

I've tested building against 3.18.36, 4.4.16 and 4.7.0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
aszlig
bd7ce1581d
broadcom_sta: 6.30.223.248 -> 6.30.223.271
The patch for kernel version 3.18 is already applied upstream, so we
don't need it any longer.

Without i686-build-failure.patch, the build for i686-linux fails because
it references rdtscl(), which is no longer available in Linux 4.3.0.

Patch for missing rdtscl() is from Arch Linux:

https://aur.archlinux.org/cgit/aur.git/tree/002-rdtscl.patch?h=broadcom-wl-ck

I've tested building against 32 and 64 bit Linux versions 3.18.36,
4.4.16 and 4.7.0.

The hashes were verified using the ones from the AUR (using the 16 bit
hashes of course):

$ nix-hash --type sha256 --to-base16 1kaqa2dw3nb8k23ffvx46g8jj3wdhz8xa6jp1v3wb35cjfr712sg
4f8b70b293ac8cc5c70e571ad5d1878d0f29d133a46fe7869868d9c19b5058cd
$ nix-hash --type sha256 --to-base16 1gj485qqr190idilacpxwgqyw21il03zph2rddizgj7fbd6pfyaz
5f79774d5beec8f7636b59c0fb07a03108eef1e3fd3245638b20858c714144be

AUR hashes can be found at:

https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=broadcom-wl&id=9d6f10b1b7745fbf5d140ac749e2253caf70daa8#n26

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @phreedom, @vcunat
2016-08-01 21:05:15 +02:00
Karn Kallio
5d11dac8bb nvidia-x11: advance to 365.35 and patch kernel 4.7. 2016-08-01 10:19:57 -04:00
Joachim Fasting
76f2e827a7
grsecurity: 4.6.5-201607272152 -> 4.6.5-201607312210 2016-08-01 12:46:48 +02:00
Robin Gloster
63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Robin Gloster
43ba8d295f nvidia-x11: disable pic/format hardening 2016-07-31 20:38:38 +00:00
Eric Sagnes
d6452987fb wireguard: 20160708 -> 2016-07-22 (#17362) 2016-07-31 13:57:37 +02:00
Franz Pletz
2fa9bd5059 hostapd: add patch to fix build with libressl
Fixes #17315.
2016-07-29 12:03:08 +02:00